Best way to exclude classes from a few nodes

djc...@gmail.com

Sep 17, 2020, 1:19:03 PM
to Puppet Users
Hello experts,

I apply all my current classes like so:

# cat site.pp

node default {
  class { 'selinux':
    mode => 'permissive',
    type => 'targeted',      }
  class { 'commonpackages':  }
  class { 'polkit':          }
  class { 'libstoragemgmt':  }
  class { 'rngd':            }
  class { 'gssproxy':        }
  class { 'smartd':          }
  class { 'firewalld':       }
  class { 'grubipv6disable': }
  class { 'grubrootpasswd':  }
  class { 'grubcrash':       }
  class { 'logrotate':       }
  class { 'htop':            }
  class { 'vim':             }
  class { 'yum':             }
  class { 'yumlocalrepo':    }
  class { 'sysctl':          }
  class { 'sysconfig':       }
  class { 'bashrc':          }
  class { 'vault':           }
  class { 'useradd':         }
  class { 'crontab':         }
  class { 'modprobe':        }
  class { 'rsyslogd':        }
  class { 'sudoers':         }
  class { 'motd':            }
  class { 'pam':             }
  class { 'issue':           }
  class { 'issuenet':        }
  class { 'limits':          }
  class { 'timezone':        }
  class { 'profiled':        }
  class { 'pulpconsumer':    }
  class { 'resolver':        }
  class { 'aide':            }
  class { 'autofs':          }
  class { 'vmtoolsd':        }
  class { 'ntpd':            }
  class { 'postfix':         }
  class { 'auditd':          }
  class { 'sshd':            }
  class { 'idmclient':       }
}

However, it's now become apparent that I need to exclude the grubipv6disable from some nodes (all have idm0 in their hostname).

What is the best way (or the least complicated) to achieve this?

Thanks in advance.
Dan.

niall.li...@gmail.com

Sep 17, 2020, 6:04:00 PM
to puppet...@googlegroups.com
I'm not an expert by any means. 

The easiest way would be to use regex for this - there's an example in https://puppet.com/docs/puppet/6.17/lang_node_definitions.html.  



--
Niall Litchfield
Oracle DBA
http://www.orawin.info
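
The regex node definition suggested above, written out as an added example (not part of the original thread or of the poster's code base). A node is matched by only one node definition, so the regex block has to declare the whole baseline again; otherwise the idm0 hosts would lose auditd, aide, sshd and the rest along with grubipv6disable. The $baseline variable and the /idm0/ pattern are assumptions; the class names are those from the site.pp above.

```puppet
# manifests/site.pp (added example)

# Every class from the original "node default" block except selinux (declared
# separately because it takes parameters) and grubipv6disable (the class to
# exclude). $baseline is a hypothetical top-scope variable name.
$baseline = [
  'commonpackages', 'polkit', 'libstoragemgmt', 'rngd', 'gssproxy',
  'smartd', 'firewalld', 'grubrootpasswd', 'grubcrash', 'logrotate',
  'htop', 'vim', 'yum', 'yumlocalrepo', 'sysctl', 'sysconfig', 'bashrc',
  'vault', 'useradd', 'crontab', 'modprobe', 'rsyslogd', 'sudoers',
  'motd', 'pam', 'issue', 'issuenet', 'limits', 'timezone', 'profiled',
  'pulpconsumer', 'resolver', 'aide', 'autofs', 'vmtoolsd', 'ntpd',
  'postfix', 'auditd', 'sshd', 'idmclient',
]

# Regex node names are matched against the node name (the certname), so this
# block applies to hosts such as lhcsrvprdidm02.fixnetix.com. The pattern is
# an assumption based on "all have idm0 in their hostname".
node /idm0/ {
  class { 'selinux':
    mode => 'permissive',
    type => 'targeted',
  }
  # include accepts an array of class names.
  include $baseline
  # grubipv6disable is deliberately not declared here.
}

# All other nodes: same baseline plus grubipv6disable.
node default {
  class { 'selinux':
    mode => 'permissive',
    type => 'targeted',
  }
  include $baseline
  include grubipv6disable
}
```

Because the list lives in one variable, a class added to $baseline later reaches both node blocks and the idm0 hosts cannot drift from the rest.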

Martin Alfke

Sep 18, 2020, 7:43:26 AM
to puppet...@googlegroups.com
Add a parameter to grubipv6disable class which controls the internal behaviour.

e.g.

# modules/grubipv6disable/manifests/init.pp
class grubipv6disable (
  Boolean $enable = true,
){
  if $enable {
    # add here the code from the class.
  }
}

Now you add hiera.yaml to your control-repo and add node specific data.

e.g.
data/nodes/<nodename>.yaml
---
grubipv6disable::enable: false

Hth,
Martin


djc...@gmail.com

Sep 28, 2020, 6:03:38 AM
to Puppet Users
Thanks for that Martin,

I seem to have unearthed a different issue:

# puppet agent --no-daemonize --onetime --verbose
Error: Could not retrieve catalog from remote server: Error 500 on SERVER: Server Error: Evaluation Error: Error while evaluating a Resource Statement, Class[Grubipv6disable]: expects a value for parameter 'enable' (file: /etc/puppetlabs/code/environments/production/manifests/site.pp, line: 12, column: 3) on node lhcsrvprdidm02.fixnetix.com

# pwd
/etc/puppetlabs/code/environments/production/modules/grubipv6disable
# more manifests/init.pp
class grubipv6disable (
  Boolean $enable,
) {
  contain grubipv6disable::config
  }

# more manifests/config.pp
class grubipv6disable::config (
  Boolean $enable = true,
){
 if $enable {
  if $facts['os']['release']['major'] =~ /7/ {
    exec { 'grub2_ipv6_disable':
      command => '/usr/sbin/grubby --update-kernel=ALL --args=ipv6.disable=1',
      unless  => '/usr/sbin/grubby --info=ALL | /usr/bin/grep ipv6'
     }
  } else {
      notice ('Assuming RHEL 6.x thus taking no action')
    }
 }
}

# pwd
/etc/puppetlabs/code/environments/production/data
# more nodes/lhcsrvprdidm02.fixnetix.com.yaml
---
grubipv6disable::enable: false

Seems hiera is not being read.

Any further help you can provide would be appreciated

Thanks,
Dan.

Rebecca Robinson

Sep 28, 2020, 6:08:02 AM
to puppet...@googlegroups.com
You can use the puppet lookup command with the explain flag to see what is being returned. 



Martin Alfke

Sep 28, 2020, 6:54:42 AM
to puppet...@googlegroups.com
Hi Dan,

I would write the grubipv6disable class in another way:

class grubipv6disable (
  Boolean $enable,
) {
  if $enable {
    contain grubipv6disable::config
  }
}

And keep the grubipv6disable::config class as is:

class grubipv6disable::config (
){

  if $facts['os']['release']['major'] =~ /7/ {
    exec { 'grub2_ipv6_disable':
      command => '/usr/sbin/grubby --update-kernel=ALL --args=ipv6.disable=1',
      unless  => '/usr/sbin/grubby --info=ALL | /usr/bin/grep ipv6'
    }
  } else {
    notice ('Assuming RHEL 6.x thus taking no action')
  }
}

Parameters, like variables, are always local to a class.

Best,
Martin


djc...@gmail.com

Sep 28, 2020, 9:18:42 AM
to Puppet Users
Thanks again Martin,

I've changed the code as recommended. However, the same issue still persists. I'm starting to think that the issue is not code related but lies elsewhere.

# puppet agent --no-daemonize --onetime --verbose
Info: Using configured environment 'production'
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Retrieving locales
Info: Loading facts
Error: Could not retrieve catalog from remote server: Error 500 on SERVER: Server Error: Evaluation Error: Error while evaluating a Resource Statement, Class[Grubipv6disable]: expects a value for parameter 'enable' (file: /etc/puppetlabs/code/environments/production/manifests/site.pp, line: 12, column: 3) on node lhcsrvprdidm02.fixnetix.com
Info: Using cached catalog from environment 'production'
Info: Applying configuration version '1601218290'
Notice: Applied catalog in 1.95 seconds

I've checked whether a lookup checks out OK:

# puppet lookup --node lhcsrvprdidm02.fixnetix.com grubipv6disable::enable
--- false

Thanks,
Dan.



Martin Alfke

Sep 28, 2020, 9:23:49 AM
to puppet...@googlegroups.com
In this case it is hiera.

Can you please check:
- that there is no global hiera.yaml file in /etc/puppetlabs/puppet/hiera.yaml or that the data paths mentioned in that file are empty
- that node is the top level environment in your environment hiera.yaml file (/etc/puppetlabs/code/environment/<environment>/hiera.yaml)
- that your Puppet code changes are done in production environment and not within a feature branch or, if you use a feature branch, that the data for enabling/disabling the flag is also in environment hiera data

Can you run the puppet lookup command again using the ‘--explain’ parameter?

Hth,
Martin


djc...@gmail.com

Sep 28, 2020, 9:37:42 AM
to Puppet Users
There is indeed a global hiera.yaml file:
# cat /etc/puppetlabs/puppet/hiera.yaml
---
# Hiera 5 Global configuration file

version: 5

# defaults:
#   data_hash: yaml_data
# hierarchy:
#  - name: Common
#    data_hash: yaml_data
hierarchy: []

Top level environment hiera looks good:
# cat /etc/puppetlabs/code/environments/production/hiera.yaml
---
version: 5
defaults:
  # The default value for "datadir" is "data" under the same directory as the hiera.yaml
  # file (this file)
  # When specifying a datadir, make sure the directory exists.
  # See https://puppet.com/docs/puppet/latest/environments_about.html for further details on environments.
  datadir: data
  data_hash: yaml_data
hierarchy:
  - name: "Per-node data"                   # Human-readable name.
    path: "nodes/%{trusted.certname}.yaml"  # File path, relative to datadir.

  - name: "Per-OS defaults"
    path: "os/%{facts.os.family}.yaml"

  - name: "Common data"
    path: "common.yaml"

There is no associated branch or the like in this instance.

Here's the puppet lookup output with --explain:

# puppet lookup --node lhcsrvprdidm02.fixnetix.com grubipv6disable::enable --explain
Searching for "lookup_options"
  Global Data Provider (hiera configuration version 5)
    Using configuration "/etc/puppetlabs/puppet/hiera.yaml"
    No such key: "lookup_options"
  Environment Data Provider (hiera configuration version 5)
    Using configuration "/etc/puppetlabs/code/environments/production/hiera.yaml"
    Merge strategy hash
      Hierarchy entry "Per-node data"
        Path "/etc/puppetlabs/code/environments/production/data/nodes/lhcsrvprdidm02.fixnetix.com.yaml"
          Original path: "nodes/%{trusted.certname}.yaml"
          No such key: "lookup_options"
      Hierarchy entry "Per-OS defaults"
        Path "/etc/puppetlabs/code/environments/production/data/os/RedHat.yaml"
          Original path: "os/%{facts.os.family}.yaml"
          Path not found
      Hierarchy entry "Common data"
        Path "/etc/puppetlabs/code/environments/production/data/common.yaml"
          Original path: "common.yaml"
          Path not found
  Module "grubipv6disable" Data Provider (hiera configuration version 5)
    Using configuration "/etc/puppetlabs/code/environments/production/modules/grubipv6disable/hiera.yaml"
    Merge strategy hash
      Hierarchy entry "osfamily/major release"
        Merge strategy hash
          Path "/etc/puppetlabs/code/environments/production/modules/grubipv6disable/data/os/RedHat/7.yaml"
            Original path: "os/%{facts.os.name}/%{facts.os.release.major}.yaml"
            Path not found
          Path "/etc/puppetlabs/code/environments/production/modules/grubipv6disable/data/os/RedHat/7.yaml"
            Original path: "os/%{facts.os.family}/%{facts.os.release.major}.yaml"
            Path not found
          Path "/etc/puppetlabs/code/environments/production/modules/grubipv6disable/data/os/RedHat/3.10.0-1127.13.1.el7.x86_64.yaml"
            Original path: "os/%{facts.os.family}/%{facts.kernelrelease}.yaml"
            Path not found
      Hierarchy entry "osfamily"
        Merge strategy hash
          Path "/etc/puppetlabs/code/environments/production/modules/grubipv6disable/data/os/RedHat.yaml"
            Original path: "os/%{facts.os.name}.yaml"
            Path not found
          Path "/etc/puppetlabs/code/environments/production/modules/grubipv6disable/data/os/RedHat.yaml"
            Original path: "os/%{facts.os.family}.yaml"
            Path not found
      Hierarchy entry "common"
        Path "/etc/puppetlabs/code/environments/production/modules/grubipv6disable/data/common.yaml"
          Original path: "common.yaml"
          No such key: "lookup_options"
Searching for "grubipv6disable::enable"
  Global Data Provider (hiera configuration version 5)
    Using configuration "/etc/puppetlabs/puppet/hiera.yaml"
    No such key: "grubipv6disable::enable"
  Environment Data Provider (hiera configuration version 5)
    Using configuration "/etc/puppetlabs/code/environments/production/hiera.yaml"
    Hierarchy entry "Per-node data"
      Path "/etc/puppetlabs/code/environments/production/data/nodes/lhcsrvprdidm02.fixnetix.com.yaml"
        Original path: "nodes/%{trusted.certname}.yaml"
        Found key: "grubipv6disable::enable" value: false

Thanks,
Dan.


djc...@gmail.com

Oct 1, 2020, 6:05:53 AM
to Puppet Users
Hello Martin,

Do you have any further thoughts on the above?

Thanks,
Dan.

Martin Alfke

Oct 1, 2020, 6:24:04 AM
to puppet...@googlegroups.com
Hi Dan,

The puppet lookup explain told you what it has found:

  Environment Data Provider (hiera configuration version 5)
    Using configuration "/etc/puppetlabs/code/environments/production/hiera.yaml"
    Hierarchy entry "Per-node data"
      Path "/etc/puppetlabs/code/environments/production/data/nodes/lhcsrvprdidm02.fixnetix.com.yaml"
        Original path: "nodes/%{trusted.certname}.yaml"
        Found key: "grubipv6disable::enable" value: false

So I assume that you want to disable ipv6 only on node lhcsrvprdidm02.fixnetix.com



djc...@gmail.com

Oct 1, 2020, 6:30:33 AM
to Puppet Users
Thanks Martin, yes (on four servers to be specific, all with idm0 in the hostname). The problem I have is that although the lookup is returning what I need, when I run the agent, it returns:

Error: Could not retrieve catalog from remote server: Error 500 on SERVER: Server Error: Evaluation Error: Error while evaluating a Resource Statement, Class[Grubipv6disable]: expects a value for parameter 'enable' (file: /etc/puppetlabs/code/environments/production/manifests/site.pp, line: 12, column: 3) on node lhcsrvprdidm02.fixnetix.com

I'm guessing that this is suggesting the expected hiera value can't be found.

Thanks,
Dan.

Martin Alfke

Oct 1, 2020, 6:40:49 AM
to puppet...@googlegroups.com
Which version of puppet are you using?
Puppet 5 or Puppet 6?

And: did you run the puppet lookup command as root user? (I assume so, I just want to be sure)

djc...@gmail.com

Oct 1, 2020, 6:44:47 AM
to Puppet Users
Puppet 6:

# puppet --version
6.15.0

Yes, I ran the lookup as root.

Martin Alfke

Oct 1, 2020, 6:58:45 AM
to puppet...@googlegroups.com
One more try:

In your manifests/site.pp change the class declaration from class to include:

node default {
  # …
  # class { 'grubipv6disable': }
  include grubipv6disable
  # …
}


djc...@gmail.com

Oct 1, 2020, 9:32:43 AM
to Puppet Users
Unfortunately still the same issue.